All FIDO2 credentials gone

[nekromant]

Expected behavior

No added FIDO2 credentials vanish from the database, unless explicitly deleted

Actual behavior

After a day or two migrating to mooltipass and adding credentials, FIDO2 and credentials tab went empty. Credentials were brought back via running an integrity check, but not FIDO2. I had to manually reset keys and re-add them for all accounts.

Step by step guide to reproduce the problem

Add data for vk social network. It uses vk.com, vk.ru, vkontakte.com, id.vk.ru and id.vk.com domains at the same time weirdly redirecting duing login. Link credentials for id.vk[.com,.ru] and vkontakte.com, add the FIDO2 key. At some moment you'll add up with a broken database.

WARNING: (2024-07-28T17:08:45.770) :0 - Orphan child found: "+XXXXXXXXX" at address: "6c02"
DEBUG: (2024-07-28T17:08:45.770) :0 - Number of parent orphans: 0
DEBUG: (2024-07-28T17:08:45.770) :0 - Number of children orphans: 1
DEBUG: (2024-07-28T17:08:45.770) :0 - Number of data parent orphans: 0
DEBUG: (2024-07-28T17:08:45.770) :0 - Number of data children orphans: 0
INFO: (2024-07-28T17:08:45.770) :0 - Errors were found in the database
CRITICAL: (2024-07-28T17:08:45.770) :0 - Error in our local DB (algo PB?)

Moolticute Version

1.04.0 / 1.03.0

Operating System

Mention if you are using either:

• Debian Stable

Mooltipass Device

• The Mooltipass Mini BLE

[deXol]

@nekromant: I was trying to reproduce the issue based on step by step, but unfortunately I am unable to do that.
Can you reproduce the issue? If yes, can you please attach the log when you are first encountering the issue. (During entering/exiting MMM)
Based on that I would like to investigate what can trigger this problem.

[nekromant]

Got it. Should wiping a profile clean and starting with a new spare smartcard be enough to reset thre device's state?

[limpkin]

a blank card will be enough to initialize a new profile :)

[nekromant]

A little update: I couldn't reproduce the issue, but then out of a sudden I stumbled upon it again. Now with notes. Device originally contained only 2 notes: '2fa-backup' and TODO.

I can access data in 2fa-backup, but not in todo which gives me:

Here are the relevant pieces from the log:

EBUG: (2025-01-13T22:11:07.633) ../moolticute/src/WSClient.cpp:156 - New message:  {"data":{"note":"2fa-backup","note_data":"XXXXXXXXXXXXXXXXXXXXXXX"},"msg":"get_note_node"}
DEBUG: (2025-01-13T22:11:13.410) ../moolticute/src/WSClient.cpp:156 - New message:  {"data":{"note":"2fa-backup","note_data":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"},"msg":"get_note_node"}
DEBUG: (2025-01-13T22:11:16.042) ../moolticute/src/WSClient.cpp:156 - New message:  {"data":{"error_message":"reading data failed or no data","failed":true},"msg":"get_note_node"}
DEBUG: (2025-01-13T22:11:17.765) ../moolticute/src/WSClient.cpp:156 - New message:  {"data":{"error_message":"reading data failed or no data","failed":true},"msg":"get_note_node"}
DEBUG: (2025-01-13T22:15:18.236) ../moolticute/src/WSClient.cpp:156 - New message:  {"data":{"error_message":"reading data failed or no data","failed":true},"msg":"get_note_node"}

There's definitely mysterious data corruption happening, but it's gonna be a very hard catch if it's happening once in a few months.

[limpkin]

that's baffling, especially given we have several algorithms that check for data corruption before writing anything to the DB. can you maybe tell us how you typically use the mini ble? I'm trying to find events that could create this situation.
did you import/export a DB from another unit?

[nekromant]

I keep 3 devices (1 original, 2 diy clones) in sync via nextcloud using moolticute, so import/export happens very often. I use USB connection all the time, no bluetooth.

I currently have 2 hypothesis:

1. Something battery related. When I first started using mooltipass (I had only one original unit at that time), the unit I got had a nearly dead battery.
2. A race condition between cloud sync and moolticute. E.g. the backup file gets updated as it is being restored to device.

I have yet to dive into moolticute code to see if guess #2 is possible. Meanwhile, I keep an eye on any other possible issues with the database.

P.S. We DO need a plaintext backup for the whole device database. If not for debugging - at least for the sake of fast batch import of passwords during onboarding.

[limpkin]

just to make sure we're aligned: what you may be seeing is when a database import occurs, files get duplicated and can't be accessed anymore?

[nekromant]

I'm not 100% sure what caused that. At some point I noticed that the entries were duplicated (i don't access notes often). Import issue is just my guess.